package org.niugang.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * 基于安全认证的spring boot admin
 * 
 * @author niugang
 *
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// Page with login form is served as /login.html and does a POST on /login
		http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
		// The UI does a POST on /logout on logout
		http.logout().logoutUrl("/logout");
		// The ui currently doesn't support csrf
		http.csrf().disable();

		// Requests for the login page and the static assets are allowed
		//允许登录页面和静态资源的请求
		http.authorizeRequests()
				.antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**","/test")
				.permitAll();
		// ... and any other request needs to be authorized
		//这点重要：所有请求都需要认证
		http.authorizeRequests().antMatchers("/**").authenticated();

		// Enable so that the clients can authenticate via HTTP basic for registering
		http.httpBasic();
	}
}